Exemplo n.º 1
0
        /// <summary>
        /// Checks if a user meets a specific set of requirements for the specified resource.
        /// </summary>
        /// <param name="user">The user to evaluate the requirements against.</param>
        /// <param name="resource">The resource to evaluate the requirements against.</param>
        /// <param name="requirements">The requirements to evaluate.</param>
        /// <returns>
        /// A flag indicating whether authorization has succeded.
        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
        /// </returns>
        public async Task <AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable <IAuthorizationRequirement> requirements)
        {
            if (requirements == null)
            {
                throw new ArgumentNullException(nameof(requirements));
            }

            var authContext = _contextFactory.CreateContext(requirements, user, resource);
            var handlers    = await _handlers.GetHandlersAsync(authContext);

            foreach (var handler in handlers)
            {
                await handler.HandleAsync(authContext);

                if (!_options.InvokeHandlersAfterFailure && authContext.HasFailed)
                {
                    break;
                }
            }

            var result = _evaluator.Evaluate(authContext);

            if (result.Succeeded)
            {
                _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
            }
            else
            {
                _logger.UserAuthorizationFailed(GetUserNameForLogging(user));
            }
            return(result);
        }
Exemplo n.º 2
0
        private void CheckAuth(
            INode node,
            IProvideMetadata provider,
            ClaimsPrincipal user,
            ValidationContext context,
            OperationType?operationType)
        {
            if (provider == null || !provider.RequiresAuthorization())
            {
                return;
            }

            // TODO: async -> sync transition
            var result = _evaluator
                         .Evaluate(user, context.UserContext, context.Inputs, provider.GetPolicies())
                         .GetAwaiter()
                         .GetResult();

            if (result.Succeeded)
            {
                return;
            }

            string errors = string.Join("\n", result.Errors);

            context.ReportError(new ValidationError(
                                    context.Document.OriginalQuery,
                                    "authorization",
                                    $"You are not authorized to run this {operationType.ToString().ToLower()}.\n{errors}",
                                    node));
        }
Exemplo n.º 3
0
        public static Task <AuthorizationResult> Authorize(this IProvideMetadata type,
                                                           ClaimsPrincipal principal,
                                                           object userContext,
                                                           IAuthorizationEvaluator evaluator)
        {
            var list = GetPolicies(type);

            return(evaluator.Evaluate(principal, userContext, list));
        }
Exemplo n.º 4
0
 public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
 {
     if (_config.CurrentValue.EnableSecurity)
     {
         return(_defaultEvaulator.Evaluate(context));
     }
     else
     {
         return(AuthorizationResult.Success());
     }
 }